CVE-2023-1671 - Sophos Web Appliance Command Injection Vulnerability
Project:Sophos
Product:Web Appliance
Date Added:2023-11-16Due Date:2023-12-07
Vulnerability Name
Sophos Web Appliance Command Injection Vulnerability
Description
Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce
https://nvd.nist.gov/vuln/detail/CVE-2023-1671